From 70f9089fcfb857da0864ec0701f2a886b5e1dbff Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian <alexander@sulfrian.net>
Date: Sun, 30 May 2010 16:59:08 +0200
Subject: fix bug allowing every one to delete the paste

with the MySQL storage back end the delete token was regenerated
on every call, so that everyone could delete the paste
---
 paste/include/storage/MysqlStorage.php  |  6 +++---
 paste/include/storage/StorageEngine.php | 10 ++++++++--
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/paste/include/storage/MysqlStorage.php b/paste/include/storage/MysqlStorage.php
index 8e16536..fe28007 100644
--- a/paste/include/storage/MysqlStorage.php
+++ b/paste/include/storage/MysqlStorage.php
@@ -114,7 +114,7 @@ INDEX (nick)
 		global $config;
 
 		if ($stmt = $this->mysql->prepare(
-			    'SELECT nick, language, content, description, time FROM ' . $this->table . '
+			    'SELECT nick, language, content, description, time, remote FROM ' . $this->table . '
                              WHERE pid = ? LIMIT 1'))
 		{
 			$stmt->bind_param('s', $pid);
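Review bot: The SELECT now reads a `remote` column, but this diff shows neither the CREATE TABLE (only its `INDEX (nick)` tail appears in the hunk header) nor the insert path, so it cannot be confirmed that the column exists and that the submitter's address is written into it when a paste is created. If it is not populated, `$remote` comes back empty and the fix below is a no-op. The enclosing method starts outside the hunk.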
@@ -126,7 +126,7 @@ INDEX (nick)
 				    $this->mysql->error);
 			}
 
-			$stmt->bind_result($nick, $lang, $content, $description, $time);
+			$stmt->bind_result($nick, $lang, $content, $description, $time, $remote);
 
 			if (!$stmt->fetch()) {
 				header('HTTP/1.0 404 Not Found');
@@ -139,7 +139,7 @@ INDEX (nick)
 			if (isset($config['short_results_path']))
 				$get_url = $config['short_results_path'] . $pid . '.html';
 
-			$remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $pid . '&t=' . $this->generateToken($pid);
+			$remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $pid . '&t=' . $this->generateToken($pid, $remote);
 			echo PastifyText($content, $lang, $description, $get_url, $remove_url);
 		}
 	}
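Review bot: The rewritten `$remove_url` line still embeds the delete token in the output that `getContent` renders, so the fix only helps if `PastifyText` withholds that link from viewers who are not the author; `PastifyText` is not in this diff, so confirm it before relying on this change. `$pid` (request input bound as a string above) is also interpolated into the URL without escaping here, and whether it is HTML-escaped downstream cannot be seen from the hunk. The enclosing method starts outside the hunk.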
diff --git a/paste/include/storage/StorageEngine.php b/paste/include/storage/StorageEngine.php
index db6e34b..09e1676 100644
--- a/paste/include/storage/StorageEngine.php
+++ b/paste/include/storage/StorageEngine.php
@@ -38,11 +38,17 @@ abstract class StorageEngine
 	abstract public function getContent($pid);
 	abstract public function delContent($pid);
 
-	public function generateToken($name)
+	public function generateToken($name, $remote = '')
 	{
 		global $config;
 
-		$ipAddr = $_SERVER["REMOTE_ADDR"];
+		if (! empty($remote)) {
+			$ipAddr = $remote;
+		}
+		else {
+			$ipAddr = $_SERVER["REMOTE_ADDR"];
+		}
+
 		return sha1($name . $ipAddr . $config['token_salt']);
 	}
 }
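Review bot: The `empty($remote)` fallback keeps the original defect for any stored paste whose `remote` column is NULL or empty (e.g. rows created before the column existed): for those, the token is still derived from the viewer's `REMOTE_ADDR`, so every viewer obtains a valid delete link. Consider rejecting a missing address instead — `if ($remote === '' || $remote === null) { throw new InvalidArgumentException('remote address required for token'); }` — or at least add a docblock such as `/** @param string $remote address stored with the paste; the REMOTE_ADDR fallback is only for legacy rows */` so the weaker path is visible to callers. The unchanged `sha1($name . $ipAddr . $config['token_salt'])` concatenates without a separator, so different (name, address) pairs can produce the same input; `hash_hmac('sha1', $name . '|' . $ipAddr, $config['token_salt'])` is the conventional form, though changing it invalidates tokens already issued.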
-- 
cgit v1.2.3